Dubai: The UAE Central Bank has confirmed that banks, insurance companies and all financial institutions licensed by the regulator must provide customers with comprehensive protection against fraud through advanced authentication methods, including fingerprint verification, facial recognition and secure authentication through official banking applications.In a disclosure, the Central Bank said that customers who fall victim to fraud must immediately notify their financial institution so appropriate action can be taken without delay.The regulator stated that if an investigation confirms that the fraud occurred through the misuse of a one-time password (OTP) sent via SMS only, the financial institution is obligated to return the full amount to the customer after verifying the validity of the report.The Central Bank clarified that this measure applies specifically to fraud cases involving OTP verification codes sent by text message.Shift away from SMS OTPsThe disclosure comes after the Central Bank began implementing the gradual phase-out of OTPs sent via SMS or email on July 25, 2025, replacing them with more secure authentication mechanisms integrated into banking applications.The move was introduced in response to a rise in cyber fraud attempts targeting customers, with fraudsters exploiting SMS-delivered verification codes to gain access to accounts or carry out unauthorised transactions.Under the new system, customers approve transactions directly through their bank's mobile application using biometric authentication methods such as fingerprints, facial recognition or secure in-app access codes.According to the Central Bank, the transition forms part of a broader strategy to strengthen the financial sector's digital infrastructure, enhance the security of electronic banking services and increase customer confidence in digital channels.Banks have also urged customers to update their mobile applications and ensure secure in-app authentication features are activated.Fraud prevention measuresThe Central Bank advised customers not to approve any financial transaction unless all details are clearly verified, including the merchant's name and transaction value.If a customer suspects fraud, the regulator said they should immediately request that the bank card be frozen through official channels, adjust spending limits or security settings where necessary, and obtain a reference number for complaint follow-up.The Central Bank added that if a complaint is rejected, the financial institution must clearly explain the reason for the decision. Customers may then escalate the matter to Sanadak, the Banking and Insurance Disputes Resolution Unit."The safety of customers in the UAE is the responsibility of the Central Bank and remains among its top priorities," the regulator said.